X-Cart:Server Requirements (X-Cart 4.5, 4.6, 4.7)
Server requirements
Operating system
Any operating system is good - as long as it allows deployment of the following required components:
- PHP;
- MySQL;
- Web server with support for PHP (Nginx is recommended).
PHP, MySQL and Apache/Nginx web server requirements are listed further below.
Hardware
Hardware required to achieve a good X-Cart performance depends on many factors, however the most important are Catalog size and Traffic. The table below provides recommended hardware specifications.
| Traffic | ||||
|---|---|---|---|---|
| Catalog size | up to 100 visitors/day | up to 5,000 visitors/day | up to 15,000 visitors/day | |
| 2000 SKUs | a good shared/cloud hosting | VPS / Dedicated server 
 | Dedicated server 
 | |
| 20,000 SKUs | a good shared/cloud hosting | VPS / Dedicated server 
 | Dedicated server 
 | |
| 200,000 SKUs | VPS hosting 
 | Dedicated server 
 | Dedicated server 
 | |
See also:
PHP configuration
PHP version
X-Cart 4.7.0 and later: Any PHP version below 5.6.x should not be used. #PHP7 is recommended for X-Cart versions 4.7.6 and later for better performance
X-Cart 4.5.3-4.6.6: PHP version 5.2.0 or later is required.
Up to X-Cart 4.5.3: PHP versions 4.4.0 - 5.x. (PHP5 support is recommended, but not required).
php.ini settings
required values:
- safe_mode = off
- file_uploads = on
- magic_quotes_sybase = off
- sql.safe_mode = off
- allow_url_fopen = on
- ini_set = on
- memory_limit >= 32M
- (X-Cart v4.5.5 and later) register_globals = off
recommended values:
- disable_functions = NULL
- post_max_size >= 2M
- upload_max_filesize >= 2M
- max_execution_time >= 30
- memory_limit >= 64M
- max_input_time >= 30
- sendmail_from = ...@domain.com (an email address, from which sending mail is allowed)
PHP extensions
required:
- PCRE
 
- MySQL or MySQLI (MySQLI is supported starting with X-Cart version 4.6.4)
 
- if using PHP4, iconv must be enabled
 
recommended:
- FTP - to be able to upload files to GoogleBase
 
- Zlib - for data compression on the fly
 
- GDLib 2.0 or better - required for automatic generation of product thumbnails form product images, for the 'Image Verification' module and for cache generation in the 'Detailed Product Images' module. GDLib must be compiled with libJpeg (ensure that PHP is configured with the option --with-jpeg-dir=DIR, where DIR is the directory where libJpeg is installed).
 
- OpenSSL or Mcrypt - highly recommended to speed up the Blowfish data encrypting process. (OpenSSL is recommended starting with X-Cart version 4.7.9)
 
- xml/Expat - for Intershipper, UPS or USPS shipping modules.
 
- cURL - for some of the online credit card processing modules and for shipping modules (cURL version 7.39.0 or better is recommended).
 
- iconv - for AJAX functionality.
 
Other recommendations
- PHP should be compiled with the --enable-memory-limit option (strongly recommended).
- PHP should be compiled with the --enable-mbstring option. mbstring is used to handle languages that use multibyte character encodings. For more information and a list of supported encodings, see the corresponding section of PHP manual. If you are planning to use languages that require UTF-8 encoding, set the mbstring.func_overload value to 7.
 In X-Cart versions 4.6.2 and later, mbstring is also needed for "responsive" display of notifications.
- If you wish to use an external mail program (like qmail or postfix) instead of the PHP mail() function, this mail program must be installed and configured.
- If you wish to use an SMTP server instead of the PHP mail() function to send mail from the store, the SMTP server must be installed and configured.
- PHP function exec() must be allowed for the correct functioning of most of the CC payment processing modules used with X-Cart (SaferPay, Credomatic, CyberSource, HSBC, Ogone, Ogone Web, PayBox, PaySystems Client, VaultX), HTTPS modules (Net::SSLeay, CURL, OpenSSL, https_cli), GnuPG/PGP.
- PHP functions popen() & pclose() must be allowed for the correct functioning of some HTTPS modules (CURL, Net::SSLeay, OpenSSL, https_cli), payment modules (Saferpay, CyberSource), SMTP mailer (PHPMailer).
- Security recommendation: For stronger cryptographic protection of user passwords, it is recommended to use OpenSSL and PHP version 5.3.7 or later; PHP must be compiled with the --with-openssl[=DIR] option. If you are using a Unix-like OS, make sure the /dev/urandom special file is readable.
For help on PHP configuration settings, visit http://www.php.net.
PHP 7 typical configuration
- Disable all extensions except these: calendar / cgi-fcgi / Core / ctype / curl / date / dom / filter / ftp / gd / gettext / hash / iconv / json / libxml / mbstring / mysqli / mysqlnd / openssl / pcre / posix / readline / Reflection / session / SimpleXML / soap / sodium / SPL / standard / sysvmsg / sysvsem / sysvshm / xml / xmlreader / xmlwriter / Zend OPcache / zlib
- Use Server API FPM/FastCGI with nginx webserver
- Use File:PHP NGINX.tgz sample configs.
MySQL configuration
MySQL version
For X-Cart versions 4.7.х, MySQL 5.7.x/8.x is recommended for better performance, MySQL 8.x is supported starting with X-Cart version 4.7.10
Up to X-Cart 4.7.0 Supported versions: 4.1.2 - 5.7.x
MySQL server settings
MAX_CONNECTIONS >= 200 (required; try using a lower setting when having MySQL issues on a server with less than 4GB of RAM)
MySQL user privileges
Required basic privileges:
- select_priv
- insert_priv
- update_priv
- delete_priv
- lock_tables_priv
- index_priv
- create_priv
- drop_priv
Privileges, required for software installation/upgrade:
- alter_priv
MySQL user limitations
Required values:
- MAX_QUESTIONS - no limitations
- MAX_UPDATES - no limitations
- MAX_QUERIES_PER_HOUR - no limitations
- MAX_USER_CONNECTIONS - no limitations
Recommended values:
- max_allowed_packet - 8-16 MB recommended
- wait_timeout - minimum 7200 (28800 recommended)
Web-server configuration
Nginx is the recommended web server. The settings described below refer to Apache only.
Distributed configuration file
- The name of the file must be ".htaccess" (AccessFileName .htaccess).
- You must have sufficient permissions to change the settings of the web directory via the .htaccess file (AllowOverride = ALL).
PHP running mode
If PHP is installed as CGI, it must be compiled with --enable-force-cgi-redirect (without --enable-discard-path).
Apache modules
Basic modules:
- mod_dir - is required for correct operation of DirectoryIndex
- mod_access - is required for correct operation of Deny From All and Allow From All
- mod_auth - is required for correct operation of HTTP authentication (HTTP authentication is used in Google Checkout module for additional Admin area protection)
Recommended modules
- mod_userdir - is required for access to the website via a temporary URL (http://IP/~user).
- mod_rewrite - is required for correct operation of the Clean URLs functionality.
- mod_expires - is required to set up file caching.
- mod_gzip / mod_deflate - is required for page compression.
Important: If using FastCGI apache module, be sure increase the default values for the FcgidIOTimeout and FcgidIdleTimeout settings in the apache/FastCGI configs. See " CSV import times out before completion..." import/export troubleshooting article for details.
HTTPS settings
- DocumentRoot directories for HTTP and HTTPS must be the same.
- PHP on HTTP and HTTPS must be run under the same user account.
- The php.ini file must be the same for HTTP and HTTPS.
Disk space
A fresh installation of X-Cart 4.3.0 uses at least 30 megabytes of disk space (if installed without add-ons). In addition to that, some disk space will be needed for X-Cart's cache data, image files (if you choose to store them on the file system) and customizations.
MySQL space
The amount of space required for X-Cart database depends on the number of products, customers and orders that will be stored there. Accordingly, database space requirements may vary from as little as 5 megabytes for small shops to over 500 megabytes for large stores.
Advanced requirements and recommended settings
Network settings
- Outgoing connections must be allowed for ports 80, 443 and 1129. Some payment and shipping systems may require additional ports.
- The server firewall must allow loopback connections. This is required for HTML catalog feature.
- External domains must be resolved on the level of PHP as well as on the system level. Such PHP functions as gethostbyaddr and gethostbyname must work without limitations.
- Domains hosted on a hosting with localhost must be resolved to an external IP address if the server is behind NAT.
Other requirements
- A valid SSL certificate from the list of SSL certificates accepted by Google Checkout is required for correct operation of Google Checkout module. For more information, see the section "What SSL certificates does Google Checkout accept?" of Google Checkout Merchant Help.
- Windows or Linux operating system is required for HSBC payment method.
- The following functionality requires no less than 64 MB of memory: backing up/restoring the database, import and product modification.
Environment check
You can check whether your X-Cart store environment is optimal by following a link crafted according to the following pattern:
http://www.example.com/xcart/check_requirements.php?checkrequirements=1&auth_code=XXXXXXXX
where http://www.example.com/xcart/ is the address of your installed X-Cart store, and XXXXXXXX is the Auth code for your X-Cart installation.
The result should be a table like the following:
 
Client-side requirements
JavaScript
The users of X-Cart's back end must have JavaScript enabled in the web browser.
For the users of X-Cart's storefront, enabled JavaScript is recommended: JavaScript is not required for the basic storefront functionality: a user can register, log in, add a product to cart and check out without JavaScript enabled; however, anything above that is not guaranteed to work without enabled JavaScript. For example, although a user will be able to buy a regular product with JavaScript disabled, they will not be able to buy a configurable product or a gift certificate.
If a user enters the store with JavaScript disabled, X-Cart displays a message asking this user to enable JavaScript in the web browser.
Cookies
Both the users of X-Cart's storefront and back end must set their web browser to accept cookies. If a user enters the store using a browser that does not accept cookies and attempts to perform an operation that requires enabled cookies, X-Cart displays a message asking this user to enable cookies in the web browser.
Screen resolution
Minimum required screen resolution for the storefront is 800x600 (recommended: 1024x768 or higher).
Minimum required screen resolution for the back end is 1024x768.
Browser compatibility
- MS Internet Explorer v9 or later
- Mozilla FireFox for Windows v1.5 or later
- Mozilla FireFox for MacOS v2 or later
- Mozilla FireFox for Linux v2 or later
- Opera for Windows/FreeBSD/Linux/MacOS v9 or later
- Safari for Windows/MacOS v3 or later
- Mozilla for Linux v1.8 or later
- Mozilla for FreeBSD v1.8 or later
- Google Chrome

